Date: Sat, 21 Jan 2006 13:06:23 GMT From: "George V. Neville-Neil" <gnn@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90069 for review Message-ID: <200601211306.k0LD6NoD080139@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=90069 Change 90069 by gnn@gnn_tahi_fast_ipsec on 2006/01/21 13:06:06 Fix pointer arithmetic so that we actually put the key in the database and not random garbage. First working version with new structures. Affected files ... .. //depot/projects/gnn_fast_ipsec/src/sys/netipsec/key.c#3 edit Differences ...
==== //depot/projects/gnn_fast_ipsec/src/sys/netipsec/key.c#3 (text+ko) ====
@@ -2799,10 +2799,14 @@
 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 }
 if (sav->key_auth != NULL) {
+ if (sav->key_auth->key_data != NULL)
+ free(sav->key_auth->key_data, M_IPSEC_MISC);
 free(sav->key_auth, M_IPSEC_MISC);
 sav->key_auth = NULL;
 }
 if (sav->key_enc != NULL) {
+ if (sav->key_enc->key_data != NULL)
+ free(sav->key_enc->key_data, M_IPSEC_MISC);
 free(sav->key_enc, M_IPSEC_MISC);
 sav->key_enc = NULL;
 }
@@ -3070,7 +3074,6 @@
 }
 switch (mhp->msg->sadb_msg_satype) {
 case SADB_SATYPE_ESP:
- /* XXX FIX ME */
 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && sav->alg_enc != SADB_EALG_NULL) {
 error = EINVAL;
@@ -3620,18 +3623,14 @@
 key_dup_keymsg(const struct sadb_key *src, u_int len, struct malloc_type *type)
 {
- struct seckey *dst = NULL;
+ struct seckey *dst;
 dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT);
 if (dst != NULL) {
 dst->bits = src->sadb_key_bits;
 dst->key_data = (char *)malloc(len, type, M_NOWAIT);
 if (dst->key_data != NULL) {
- bcopy(src + sizeof(struct sadb_key),
+ bcopy((const char *)src + sizeof(struct sadb_key),
 dst->key_data, len);
- ipseclog((LOG_DEBUG, "%s: source bits %p\n", __func__,
- src + sizeof(struct sadb_key)));
- ipseclog((LOG_DEBUG, "%s: dst bits %p\n", __func__,
- dst->key_data));
 } else {
 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
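Review bot: In the @@ -2799 hunk the new `key_data != NULL` checks treat the key buffer as optional, but the context line at the top, `bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));`, writes through the same pointer. Its guard lies outside the hunk, so confirm that it tests `key_data` as well, and that the `key_auth` buffer gets the same wipe before it is released here. A short comment on the two new frees would record the ordering that matters, e.g. `/* key bytes were zeroized above; release the buffer, then the seckey */`. The enclosing function starts and ends outside the hunk.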
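Review bot: In the @@ -3620 hunk `key_dup_keymsg` copies `len` bytes starting right after the `sadb_key` header, but nothing in the visible body relates `len` to `src->sadb_key_bits`, which is stored unchanged in `dst->bits`. If later code sizes the buffer from `bits` (other hunks apply `_KEYLEN()` to a `struct seckey` for bzero and bcopy, though its definition is not shown), a message whose bit count exceeds `len * 8` would cause accesses past the end of `key_data`. I would reject the mismatch before allocating, `if ((src->sadb_key_bits >> 3) > len) return (NULL);`, and state in a function comment that `len` is the length of the key material, excluding the header. Whether the caller already enforces this is outside the hunk, as is the remainder of the else branch.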
@@ -7265,12 +7264,25 @@
 return m;
 }
+/*
+ * Take one of the kernel's security keys and convert it into a PF_KEY
+ * structure within an mbuf, suitable for sending up to a waiting
+ * application in user land.
+ *
+ * IN:
+ * src: A pointer to a kernel security key.
+ * exttype: Which type of key this is. Refer to the PF_KEY data structures.
+ * OUT:
+ * a valid mbuf or NULL indicating an error
+ *
+ */
+
 static struct mbuf *
 key_setkey(struct seckey *src, u_int16_t exttype)
 {
 struct mbuf *m;
 struct sadb_key *p;
- int len = PFKEY_ALIGN8(sizeof(struct sadb_key));
+ int len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));
 if (src == NULL) return NULL;
@@ -7285,11 +7297,25 @@
 p->sadb_key_bits = src->bits;
 ipseclog((LOG_DEBUG, "%s: setting key data %s\n", __func__, src->key_data));
- bcopy(src->key_data, _KEYBUF(p), len);
+ bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src));
 return m;
 }
+/*
+ * Take one of the kernel's lifetime data structures and convert it
+ * into a PF_KEY structure within an mbuf, suitable for sending up to
+ * a waiting application in user land.
+ *
+ * IN:
+ * src: A pointer to a kernel lifetime structure.
+ * exttype: Which type of lifetime this is. Refer to the PF_KEY
+ * data structures for more information.
+ * OUT:
+ * a valid mbuf or NULL indicating an error
+ *
+ */
+
 static struct mbuf *
 key_setlifetime(struct seclifetime *src, u_int16_t exttype)
 {
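Review bot: In the @@ -7265 hunk the new initializer `int len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));` evaluates `_KEYLEN(src)` before the `if (src == NULL) return NULL;` guard that follows it. If the macro reads a field of `src` (its definition is not shown, but it is applied to seckey pointers elsewhere in this change), a NULL argument is dereferenced before it can be rejected. Declare `int len;` on its own and assign `len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));` after the check. The rest of key_setkey lies outside this hunk.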
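Review bot: In the @@ -7285 hunk the context line `ipseclog((LOG_DEBUG, "%s: setting key data %s\n", __func__, src->key_data));` survives the change and prints the raw SA key with `%s`. That writes key material to the system log, and because `key_data` is a binary buffer filled with bcopy and not NUL-terminated in the code shown, the format can also read past its end. The commit already drops the comparable debug lines in key_dup_keymsg; this one should be removed too, or reduced to the size only, e.g. `ipseclog((LOG_DEBUG, "%s: key of %u bits\n", __func__, src->bits));` (assuming `bits` is an unsigned integer field). It is also worth confirming, outside the hunk, that the mbuf area is zeroed, since only `_KEYLEN(src)` bytes are now copied into a length rounded up by `PFKEY_ALIGN8` that is sent to userland.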